andrewmusselman opened a new issue, #545:
URL: https://github.com/apache/tooling-trusted-releases/issues/545
## Summary
Full stack traces are displayed to users in error pages, exposing internal
paths, database connection strings, and potentially sensitive data.
## ASVS Requirements
- 7.4.2 - Generic error message handling
## Related Audit Reports
- [Credential Stealing #403](ASVS/credential-stealing-403.md) - Section 2
## Affected Files
- `atr/server.py:463-465`
- `atr/templates/error.html:20-25`
## Current Behavior
```python
# server.py
tb = traceback.format_exc()
return await template.render("error.html", error=str(error), traceback=tb,
                             status_code=500), 500
```
```html
{# error.html #}
{% if traceback %}
<pre>{{ traceback }}</pre>
{% endif %}
```
## Risk
- Internal file paths exposed
- Database connection strings potentially visible
- Session data may appear in traces
- Framework version information disclosed
## Recommended Fix
```python
# In server.py
if config.get_mode() == config.Mode.Production:
    tb = None  # Don't expose traceback in production
else:
    tb = traceback.format_exc()
return await template.render("error.html", error="An unexpected error occurred",
                             traceback=tb, status_code=500), 500
```
## Acceptance Criteria
- [ ] Stack traces hidden in production mode
- [ ] Generic error message shown to users
- [ ] Full traces still logged server-side
- [ ] Unique error ID returned for support correlation
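Added example (not code from this issue or from the project) of a handler that meets all four criteria at once: the full trace is always logged server-side under a fresh error ID, and only non-production mode passes the trace and the real message to the template context. The names `build_error_response`, `demo` and `GENERIC_MESSAGE` are assumptions, and the `production` flag stands in for `config.get_mode() == config.Mode.Production`.

```python
import logging
import traceback
import uuid

log = logging.getLogger("atr.errors")

GENERIC_MESSAGE = "An unexpected error occurred"  # assumed wording


def build_error_response(error: BaseException, production: bool) -> dict:
    """Return the context error.html would be rendered with.

    The full trace is logged server-side with a short error ID in every mode;
    the user-facing context only carries the trace and the real exception
    message outside production.
    """
    error_id = uuid.uuid4().hex[:12]
    # format_exception works from the exception object itself, so it is safe
    # outside an `except` block (where format_exc() would yield "NoneType: None").
    tb = "".join(traceback.format_exception(type(error), error, error.__traceback__))
    log.error("error_id=%s\n%s", error_id, tb)  # full detail stays in the logs
    return {
        "error": GENERIC_MESSAGE if production else str(error),
        "traceback": None if production else tb,
        "error_id": error_id,  # shown to the user for support correlation
        "status_code": 500,
    }


def demo(production: bool) -> dict:
    """Raise a failure whose message embeds a constructed connection string."""
    try:
        raise RuntimeError("db=postgresql://atr:hunter2@localhost/atr")  # constructed
    except RuntimeError as exc:
        return build_error_response(exc, production)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print(demo(production=True))   # generic message, traceback None, error_id set
    print(demo(production=False))  # real message and trace for developers
```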
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]